diff options
author | Karolin Seeger <kseeger@samba.org> | 2010-09-09 15:52:37 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2010-09-09 15:52:37 +0200 |
commit | 8072e7cc7eeb91de9c6ea26e23d72f96fa60f27e (patch) | |
tree | 2c3c4ad5e1b62250ac696a917dd205a4c69f3265 | |
parent | df20a300758bc12286820e31fcf573bdfc2147bc (diff) | |
download | samba-8072e7cc7eeb91de9c6ea26e23d72f96fa60f27e.tar.gz |
WHATSNEW: Prepare release notes for Samba 3.4.9.
Karolin
-rw-r--r-- | WHATSNEW.txt | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 385731f42b0..5c58d6983e4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,19 +1,33 @@ ============================= Release Notes for Samba 3.4.9 - , 2010 + September 16, 2010 ============================= -This is the latest stable release of Samba 3.4. +This is a security release in order to address CVE-2010-3069. -Major enhancements in Samba 3.4.9 include: - o +o CVE-2010-3069: + All current released versions of Samba are vulnerable to + a buffer overrun vulnerability. The sid_parse() function + (and related dom_sid_parse() function in the source4 code) + do not correctly check their input lengths when reading a + binary representation of a Windows SID (Security ID). This + allows a malicious client to send a sid that can overflow + the stack variable that is being used to store the SID in the + Samba smbd server. -Changes since 3.4.8 -------------------- + +Changes since 3.3.13 +-------------------- + + +o Jeremy Allison <jra@samba.org> + * BUG 7669: Fix for CVE-2010-3069. +o Andrew Bartlett <abartlet@samba.org> + * BUG 7669: Fix for CVE-2010-3069. ###################################################################### |